apiVersion: v1
kind: Pod
metadata:
  name: socialstream
  annotations:
    # Setting spec.force to true will make Flux recreate the Pod when any
    # immutable field is changed, forcing the Pod to run every time the
    # container image tag changes.
    kustomize.toolkit.fluxcd.io/force: enabled
spec:
  restartPolicy: Never
  automountServiceAccountToken: false
  containers:
  - image: harbor.home.wugi.info/library/socialstream:0.1.45-2
    name: socialstream
    env:
    - name: container
      value: docker
    command:
    - /bin/bash
    - -c
    - |
      set -o nounset -o errexit -o pipefail -o xtrace

      systemctl enable socialstream.service

      rm -vf /usr/lib/systemd/system/systemd-networkd*
      rm -vf /usr/lib/systemd/system/systemd-firstboot.service
      rm -vf /usr/lib/systemd/system/systemd-resolved.service

      passwd --delete root

      umount /sys/fs/cgroup
      mount -t cgroup2 -o rw,relatime,nsdelegate,memory_recursiveprot cgroup2 /sys/fs/cgroup

      sed -i 's@#TTYPath=/dev/console@TTYPath=/dev/console@; s@#ForwardToConsole=no@ForwardToConsole=yes@' /etc/systemd/journald.conf

      exec /sbin/init
    securityContext:
      capabilities:
        add:
        - NET_ADMIN
        - NET_BIND_SERVICE
        - NET_RAW
        - SYS_ADMIN
        - SYS_NICE
        - SYS_TIME
    resources:
      limits:
        cpu: 2000m
        memory: 4096Mi
      requests:
        cpu: 100m
        memory: 512Mi
    tty: true
    livenessProbe:
      exec:
        command:
        - /bin/systemctl
        - is-system-running
      failureThreshold: 100
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /run
      name: run
    - mountPath: /tmp
      name: tmp
    - mountPath: /tmp/.X11-unix/X0
      name: x11-unix-socket
    - mountPath: /dev/dri
      name: dev-dri
  volumes:
  - emptyDir:
      medium: Memory
      sizeLimit: 512M
    name: run
  - emptyDir:
      medium: Memory
      sizeLimit: 2G
    name: tmp
  - name: x11-unix-socket
    hostPath:
      path: /tmp/.X11-unix/X0
      type: Socket
  - name: dev-dri
    hostPath:
      path: /dev/dri
      type: Directory
